Phishing is an attempt by scammers to get your personal information. They do this by means of trickery through the use of phone calls, emails, or text messages. These messages may look or sound like they’re from a legitimate sender. But clicking a link in or downloading an attachment from such a message can install malware on your device. The goal of the scammer is to steal account numbers, passwords, or Social Security numbers. They can then use these to gain access to different accounts you might have – email, financial, etc. If phishing messages look or sound legitimate, how can you tell if they’re fakes or not?

How to Spot Phishing Messages

Here are some things to look for:

  • Generic greeting. Be wary if the greeting is ambiguous or very generic. Companies or individuals you do business with have your name and will usually use it.
  • A call for immediate action. The message could include language that’s urgent, alarming, or threatening. Or it may stress urgency to click a link, download an attachment, or call a number. The message may claim there’s a problem with your account or your payment information.
  • Offers that sound too good to be true. Offers for incredible discounts, unbelievable savings, or notice of winning something can be irresistible. If it sounds too good to be true, it probably is.
  • Poor grammar or spelling. Scammers have gotten better in this department, but an email that claims to be from a legitimate business yet uses weird language or has typos is likely a phishing attempt.
  • Who’s the sender? If you don’t recognize the sender, consider deleting it. If you decide to open it, be wary of clicking on any links or downloading any attachments. If you do recognize the sender, you still need to exercise caution. The email could be an imitation, or it could have come from a compromised account. Look at the domain it’s coming from too. Sometimes scammers will use a misspelled name that looks correct at first glance. It might be something like pavpal.com or anazon.com. Or they’ll use a name that looks like it’s associated with the business like paypal.customerservice.com or amazonorders.com.
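
The sender-domain check from the last item can be written out as a short Python script. This is an added example, not part of the original article; the TRUSTED list, the function names, and the sample addresses are assumptions made for illustration.

```python
# Added example: classify a sender's domain against brands you actually use.
TRUSTED = ("amazon.com", "paypal.com")  # assumption: put your own list here

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(address, trusted=TRUSTED):
    """Return (verdict, trusted domain the sender resembles, or None)."""
    domain = address.rsplit("@", 1)[-1].strip(" <>").lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2:
        return ("unrecognized", None)
    # Simplification: treat the last two labels as the registered domain
    # (this ignores multi-part suffixes such as co.uk).
    registered = ".".join(labels[-2:])
    if registered in trusted:
        # Only the spelling matches; the message can still be an imitation
        # or come from a compromised account.
        return ("matches", registered)
    for good in trusted:
        brand = good.split(".")[0]
        if edit_distance(registered, good) <= 2:
            return ("misspelled", good)          # e.g. pavpal.com, anazon.com
        if brand in labels[:-2]:
            return ("brand-as-subdomain", good)  # e.g. paypal.customerservice.com
        if brand in labels[-2]:
            return ("brand-embedded", good)      # e.g. amazonorders.com
    return ("unrecognized", None)

if __name__ == "__main__":
    # Constructed sample addresses using the domains named in the article.
    for sender in ("service@paypal.com", "billing@pavpal.com",
                   "orders@anazon.com", "help@paypal.customerservice.com",
                   "ship@amazonorders.com", "friend@example.org"):
        print(f"{sender:35} {check_sender(sender)}")
```
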

I Received a Phishing Message – What Next?

Don’t click on links or download any attachments from a phishing message. If you’re at work, report it to your IT manager ASAP. If it came to your personal email, just delete it. You can also block the sender, so you don’t get future emails. This all protects you, but if you want to help fight the scammers and protect others, you can do the following:

  1. Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. If you received a phishing text message, forward it to SPAM (7726).
  2. Report the phishing attack to the FTC at ReportFraud.ftc.gov.

So far for Cybersecurity Awareness Month, we’ve talked about complex passwords, multi-factor authentication, and now phishing. Check back for my next (and last) post on the importance of keeping your software up to date.